View RSS Feed

Carnage

Infection

Rate this Entry
A problem that plagues meny a game owner is that of how to detect multiple accounts and how to distinguish between players that are seperate and in the same house and those that are genuinely cheating.

In foe, i've always kept good logs of practically every method of figuring out if an account is run by the same person - I'm not going into specifics, but i dont just rely on ip address information. The problem has always been - how to aggregate this information to create an automated system as despite the quantity of information and scripts I have for this, I still find that i end up having to manually check accounts that the system flags up.

Inspired (sortof) by biological systems, I came up with this mechanism that works well for this problem and should adapt well for other similar tasks, namely discovering similarities between entities based on their interactions.

How it works
  • Each entity has a host 'bacteria'.
  • This bacteria is harmless to the host.
  • In high quantities (application specific) it is lethal (or demonstrates a link) to others.
  • Bacteria are spread by sharing/interacting.
  • Actions can either be additive or multiplicitive.
  • Bacteria can die off over time if a temporal relationship is also required.


A sortof Example

As mentioned, there are additive and multiplicitive actions, these are important as some actions can be totally harmless when done between two accounts that have never before interacted, however far more suspicious if other markers are in place already. For an online game, such as foe, roc, koc etc. I came up with the following actions:

Additive

Sharing an Ip: If an ip address used for accessing one account is subsequently used to access another; infect each account with 1 unit of the others bacteria. This action should probaly have a time limit on it as ip addresses are dynamic. The exact limit should be determined in the field.

Sharing a PC: This one is harder for a browser based game but can be done reasonable accuratly using a combination of javascript, cookies, browserside caches and a number of other methods. As above infect each account with 1 unit.

Multipicitive
These actions are ones that demonstrate that a cheater is benifitting from having more than one account but generally for normal players are just part of game play.

Attacking someone: Attacking a player could be indicative of using one account to boost a second, in most games this is fine between alliance members, but its obviously not fine for a cheater to do it. Its also normal game play for two people who happen to just share an ip due to being at school together for example. So a low multiply factor is used in general. However, if either of the following conditions are true, a much higher factor should be used:
  • the defending player has recently sold/untrained a large number of men/weapons.
  • the defending player has a lot more gold than is an average for foe this can be generalised by them having more than 5 turns of gold other games will be different


Attacking the same player:This could be shown as an example of using one account to 'probe' for a main account, or of ganging up multiple accounts against an enemy. This is obviously not at all suspicious if the two players dont share ips/pcs as its just normal game play. The multiply factor for this should probably start of fairly low but increase the more times it happens. Time should also be taken into account - if the attacks happen within minuites its far more suspect than if attacks are hours apart.

The exact factors for the above actions still need to be determined as does the 'lethal' dose of bacteria. It would also be possible to 'kill off' bacteria over time to avoid accidentilly banning someone who has two accounts but no longer uses one of them.

The system is far from complete; and will require a lot of training for a certain game before being let loose on its own but this method should provide a much better way of weeding out cheats.

Submit "Infection" to Digg Submit "Infection" to del.icio.us Submit "Infection" to StumbleUpon Submit "Infection" to Google

Categories
/dev

Comments

  1. MaradoX-'s Avatar
    I just started reading the blogs, and I must admit, I really like the 'dev'-blogs

    Good job Carnage